tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Russell <>
Subject Re: How can I tell which version of OpenSSL is being used with tomcat?
Date Wed, 09 Apr 2014 17:17:16 GMT
On Wed, Apr 9, 2014 at 12:13 PM, James H. H. Lampert <> wrote:

> On 4/9/14 10:01 AM, Andrew Russell wrote:
>> If I installed tomcat on windows using the service installer, how can I
>> know which version of openssl was used?
> All I know is that if you're using a Java keystore and Keytool (or
> KeyStore Explorer) to set it up and maintain it, you're most likely not
> using ANY version of OpenSSL; you're using JSSE (which isn't affected by
> HeartBleed) instead.
> Given that I've never set up security for Tomcat on any platform other
> than an IBM Midrange system (on which JSSE seems to be the only viable
> choce for SSL in Tomcat), I was actually rather astonished when I first
> learned that other platforms usually used OpenSSL.
> --
Thank you for the quick response!

It's a mixed bag, some are java keystores and some are pfx files.

So I'm only using OpenSSL if it's marked as such in the configuration file?

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message